CVE-2022-23799

All Frameworks › Joomla › CWE-Other › CVE-2022-23799

CVE-2022-23799

State: PUBLISHED · Published: 2022-03-30 · Updated: 2026-02-25 · Assigner: Joomla

Description

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.

CWE

(none)

Affected

Joomla! Project / Joomla! CMS — v=4.0.0-4.1.0 [affected]
Joomla! Project / joomla/input — v=2.0.0-2.0.1 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html x_refsource_MISC, vendor-advisory

Source

cvelistV5-main/cves/2022/23xxx/CVE-2022-23799.json